Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
484
Views
0
Helpful
1
Replies

Redundant VPN Headend?

pboles
Level 1
Level 1

‎01-19-2005 08:42 AM

Currently we are using 3002 Clients terminating to a 3030 Concentrator. I am looking to provide some redundancy, however, a 3030 is overkill since traffic is limited to a T1. We have been looking at a FW or and ISR as a backup terminating device. Is there a way to provide easy management of both head end devices at the same time, ie a 3030 along with a 520 or an 2800 Router? Or am I best going with either multiples of the 3030, FWs or ISR Routers? Thanks

Labels:
0 Helpful
1 Reply 1

gfullage
Cisco Employee
Cisco Employee

‎01-19-2005 03:36 PM

There's no real "easy" way to provide management of both devices. Plus, if you go with a PIX or router and your VPN3030 fails, how are you going to tell all the 3002's to connect to the other device?

Your best bet to providing proper redundancy is to purchase another concentrator and set it up in a load-balancing config. It doesn't have to be a 3030, you can purchase a 3005 or a 3015 and use that. With load balancing you configure a virtual IP address for the cluster of 30xx's, and you have your 3002's connect to that IP address. The head end concentrators will load balance the connections between themselves, giving more connections to the faster concentrators automatically. If one ever fails they work it out automatically also, and the 3002 just has to reconnect to the virtual address again (which is also automatic) and all the connections will then go to the one working concentrator. You don't need to do anything, and the outage is very minimal.

You can read about it here:

http://www.cisco.com/univercd/cc/td/doc/product/vpn/vpn3000/4_1/config/lbssf.htm

0 Helpful
Customers Also Viewed These Support Documents